#!/usr/bin/perl
#
# This test performs checks for system-related capabilties.
#

use Test;

BEGIN {
    $basedir = $0;
    $basedir =~ s|(.*)/[^/]*|$1|;

    $isnfs = `stat -f --print %T $basedir`;

    $test_count = 7;
    if ( $isnfs ne "nfs" ) {
        $test_count += 1;
    }

    plan tests => $test_count;
}

# Clean up from a previous run
system "rm -f $basedir/temp_file 2>&1";

#
# Tests for the good domain.
#

if ( $isnfs ne "nfs" ) {

    # CAP_SYS_RAWIO
    system "touch $basedir/temp_file 2>&1";
    $result =
      system
      "runcon -t test_scap_t -- $basedir/test_rawio $basedir/temp_file 2>&1";
    ok( $result, 0 );
}

# CAP_SYS_CHROOT
$result = system "runcon -t test_scap_t -- $basedir/test_chroot $basedir/ 2>&1";
ok( $result, 0 );

# CAP_SYS_PTRACE - Not done here.
# CAP_SYS_PACCT - Not done; needs support built into the kernel

# CAP_SYS_ADMIN
$result = system "runcon -t test_scap_t -- $basedir/test_hostname 2>&1";
ok( $result, 0 );

# CAP_SYS_BOOT - Not done; too dangerous

# CAP_SYS_NICE
$result = system "runcon -t test_scap_t -- $basedir/test_nice 2>&1";
ok( $result, 0 );

# CAP_SYS_RESOURCE - Not done.

# CAP_SYS_TIME - Not done.

# CAP_SYS_TTY_CONFIG - Not done; can result in a terminal hangup.

# Remove files from good tests
system "rm -f $basedir/temp_file 2>&1";

#
# Tests for the bad domain.
#

# CAP_SYS_RAWIO
system "touch $basedir/temp_file 2>&1";
$result = system
  "runcon -t test_noscap_t -- $basedir/test_rawio $basedir/temp_file 2>&1";
ok($result);

# CAP_SYS_CHROOT
$result =
  system "runcon -t test_noscap_t -- $basedir/test_chroot $basedir/ 2>&1";
ok($result);

# CAP_SYS_ADMIN
$result = system "runcon -t test_noscap_t -- $basedir/test_hostname 2>&1";
ok($result);

# CAP_SYS_NICE
$result = system "runcon -t test_noscap_t -- $basedir/test_nice 2>&1";
ok($result);

# Remove files from bad tests
system "rm -f $basedir/temp_file 2>&1";

exit;
